10 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
9.1 High
AI Score
Confidence
High
0.885 High
EPSS
Percentile
98.7%
Debian Security Advisory DSA-2406-1 [email protected]
http://www.debian.org/security/ Florian Weimer
February 09, 2012 http://www.debian.org/security/faq
Package : icedove
Vulnerability : several
Problem type : remote
Debian-specific: no
CVE ID : CVE-2011-3670 CVE-2012-0442 CVE-2012-0444 CVE-2012-0449
Several vulnerabilities have been discovered in Icedove, Debian's
variant of the Mozilla Thunderbird code base.
CVE-2011-3670
Icedove does not not properly enforce the IPv6 literal address
syntax, which allows remote attackers to obtain sensitive
information by making XMLHttpRequest calls through a proxy and
reading the error messages.
CVE-2012-0442
Memory corruption bugs could cause Icedove to crash or
possibly execute arbitrary code.
CVE-2012-0444
Icedove does not properly initialize nsChildView data
structures, which allows remote attackers to cause a denial of
service (memory corruption and application crash) or possibly
execute arbitrary code via a crafted Ogg Vorbis file.
CVE-2012-0449
Icedove allows remote attackers to cause a denial of service
(memory corruption and application crash) or possibly execute
arbitrary code via a malformed XSLT stylesheet that is
embedded in a document
For the stable distribution (squeeze), this problem has been fixed in
version 3.0.11-1+squeeze7.
We recommend that you upgrade your icedove packages.
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/
Mailing list: [email protected]
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Debian | 6 | mipsel | iceape-browser | < 2.0.11-10 | iceape-browser_2.0.11-10_mipsel.deb |
Debian | 6 | powerpc | spidermonkey-bin | < 1.9.1.16-12 | spidermonkey-bin_1.9.1.16-12_powerpc.deb |
Debian | 5 | arm | xulrunner-1.9-dbg | < 1.9.0.19-16 | xulrunner-1.9-dbg_1.9.0.19-16_arm.deb |
Debian | 5 | amd64 | libmozjs1d-dbg | < 1.9.0.19-16 | libmozjs1d-dbg_1.9.0.19-16_amd64.deb |
Debian | 5 | i386 | xulrunner-1.9 | < 1.9.0.19-16 | xulrunner-1.9_1.9.0.19-16_i386.deb |
Debian | 5 | armel | xulrunner-1.9-gnome-support | < 1.9.0.19-16 | xulrunner-1.9-gnome-support_1.9.0.19-16_armel.deb |
Debian | 6 | ia64 | iceweasel | < 3.5.16-12 | iceweasel_3.5.16-12_ia64.deb |
Debian | 6 | kfreebsd-amd64 | iceape-dbg | < 2.0.11-10 | iceape-dbg_2.0.11-10_kfreebsd-amd64.deb |
Debian | 6 | amd64 | iceape-browser | < 2.0.11-10 | iceape-browser_2.0.11-10_amd64.deb |
Debian | 5 | mips | xulrunner-1.9-dbg | < 1.9.0.19-16 | xulrunner-1.9-dbg_1.9.0.19-16_mips.deb |